Epsilon Aims to Mend Trust Issues With New Anti-Hacker Product

Direct-Marketing Firm Takes Action After April Data Breach

Nearly three months after a major email data breach by hackers, direct-marketing firm Epsilon is trying to repair its trust issues with clients -- and is even hoping to attract new ones -- with a new service that claims to detect "electronic crimes in motion."

The list of companies and organizations that have become exposed to hackings is rapidly expanding, with Sony and the CIA among the recent targets. But in the case of Epsilon's breach in April, the violations infringed on both advertisers -- including companies such as JP Morgan Chase, Citi, Walgreens, Kroger and McKinsey -- as well as consumers.

Epsilon CEO Bryan Kennedy told Ad Age the agency, which is the second-largest direct-marketing firm in the U.S., over the past few months has been focused on developing new data security standards. That has led to two new services, he said.

Epsilon is partnering with Verizon on the first: a service that aims to detect "electronic crimes in motion" by finding malicious IP addresses. How does that work? According to a statement from Verizon, it means that the company now is alerted by Verizon to incidents that are not normal, and receives near real-time notification of other indicators of behaviors of an attack or curious behavior.

The second is an Epsilon-only initiative that will restrict the way its employees can access their customers' data. For example, no more accessing email data or deploying email campaigns for clients from home. Though the move could improve client and consumer security, agency and client employees will have less flexibility and access to much of their work. This may put a damper on any snowy work-from-home time.

"When it comes to sacrificing some flexibility for the enhancement of security, clients endorse that approach and Epsilon's client-services teams work closely with clients to communicate all innovations and updates to our platform, including security enhancements," said Mr. Kennedy.

Asked if he thinks the moves were tardy, Mr. Kennedy only had this to say: "Cyber security is a universal problem and nobody is immune."

On April 1, Epsilon experienced a brand blow when hackers obtained data including names and e-mail addresses, affecting 2% of its client base, the agency said in the wake of the attacks. "The Company believes the greatest risk to Epsilon and Alliance Data is the potential loss of valued clients," the company at the time said in a statement. "Specifically, the Company's number one priority over the near and long-term will be to ensure that Epsilon's clients regain complete trust in the company's operations."

No clients have left as of yet, a spokesperson said. The firm reported $454 million in worldwide revenue in 2010, according to Ad Age Data Center.

At the time, the agency worked with federal authorities and forensics experts from Verizon's managed security services business, which is where the relationship with the telecom giant was born. For Verizon, it's only the latest effort in this managed securities space. The company acquired managed security vendor Cybertrust in 2007.

Whether Epsilon's product draws interest remains to be seen, but the holy grail would, of course, be a tool that actually prevents cyber crimes.